End-to-end trusted communications infrastructure

US 9,282,898 B2
Filed: 06/25/2012
Issued: 03/15/2016
Est. Priority Date: 06/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method of providing secure transmission of medical information via a trusted end-to-end communication link, comprising:

receiving, by a processor executing in a trusted security zone of a mobile access terminal, an input that is obtained via at least one sensor, wherein the trusted security zone includes a hardware root of trust and a secure partition that receives the input, wherein the input comprises medical data;

preventing, by execution of the processor in the trusted security zone, applications outside of the trusted security zone from executing on the mobile access terminal, wherein applications that execute outside of the trusted security zone are blocked from accessing the secure partition that received the input;

generating, by a secure application stored in the secure partition and executing on the processor in the trusted security zone of the mobile access terminal,a message based on the input, anda trust token for transmission via a trusted end-to-end communication link that comprises a plurality of network nodes and a wireless communication link, wherein the trusted end-to-end communication link provides handling of the message in a corresponding trusted security zone of each network node along the trusted end-to-end communication link; and

transmitting, by the mobile access terminal via the trusted end-to-end communication link, the message and trust token to a medical data server that receives the message by an application that executes in a trusted security zone of the medical data server, wherein the medical data server is one endpoint in the trusted end-to-end communication link with the mobile access terminal and is another endpoint for a second trusted end-to-end communication link to a trusted security zone of a computer system that provides secure access to medical information.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of delivery of medical data via a trusted end-to-end communication link. The method comprises obtaining a measurement of a parameter of a human being by a first sensor, obtaining a biometric from the human being by a second sensor, receiving input from the first and second sensors by a secure application executing in a trusted security zone of a processor, whereby access to the input from the first and second sensors by applications executing in a normal partition of the processor is blocked, wherein the input from the first and second sensors comprises the measurement of the parameter and the biometric, and transmitting a message based on the input from the first and second sensors via a trusted end-to-end communication link to a medical data server, wherein an application that receives the message executes in a trusted security zone of the server.

Citations

21 Claims

1. A method of providing secure transmission of medical information via a trusted end-to-end communication link, comprising:
- receiving, by a processor executing in a trusted security zone of a mobile access terminal, an input that is obtained via at least one sensor, wherein the trusted security zone includes a hardware root of trust and a secure partition that receives the input, wherein the input comprises medical data;
  
  preventing, by execution of the processor in the trusted security zone, applications outside of the trusted security zone from executing on the mobile access terminal, wherein applications that execute outside of the trusted security zone are blocked from accessing the secure partition that received the input;
  
  generating, by a secure application stored in the secure partition and executing on the processor in the trusted security zone of the mobile access terminal,a message based on the input, anda trust token for transmission via a trusted end-to-end communication link that comprises a plurality of network nodes and a wireless communication link, wherein the trusted end-to-end communication link provides handling of the message in a corresponding trusted security zone of each network node along the trusted end-to-end communication link; and
  
  transmitting, by the mobile access terminal via the trusted end-to-end communication link, the message and trust token to a medical data server that receives the message by an application that executes in a trusted security zone of the medical data server, wherein the medical data server is one endpoint in the trusted end-to-end communication link with the mobile access terminal and is another endpoint for a second trusted end-to-end communication link to a trusted security zone of a computer system that provides secure access to medical information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the medical data comprises measurement data associated with a bodily parameter including a blood sugar level, a blood thickness, a blood pressure, a bodily temperature, a blood oxygen saturation level, a pulse rate, a heart rhythm, or any combination thereof.
  - 3. The method of claim 1, wherein the medical data comprises a biometric signature including a fingerprint scan, a retinal scan, a face scan, a DNA signature, or any combination thereof.
  - 4. The method of claim 1, wherein the trust token is associated with the trusted security zone of the mobile access terminal.
  - 5. The method of claim 1,wherein the medical data server maintains a data store accessible by a trusted security zone of the medical data server, the data store comprising a plurality of medical records stored in non-transitory memory that are associated with a plurality of different human beings,wherein each medical record comprises at least one bodily parameter and biometric signature corresponding to one of the human beings, andwherein the plurality of medical records are analyzed by a processor executing in the trusted security zone of the medical data server.
  - 6. The method of claim 1, wherein the trust token is verified by each trusted security zone of each network node in the trusted end-to-end communication link prior to being received by the medical data server, wherein the trust token validates the trust level of the trusted end-to-end communication link.
  - 7. The method of claim 1, wherein the trust token is encapsulated within the message prior to transmitting the message to the medical data server via the trusted end-to-end communication link.
  - 8. The method of claim 1, wherein the trust token is comprised within or appended to the message prior to the transmitting.
  - 9. The method of claim 1, wherein the trusted security zone disables execution of applications, that are outside the trusted security zone, during execution of the trusted security zone.
  - 10. The method of claim 1, wherein each trusted security zone comprises at least one of a virtual processor, a physical processor, or a combination thereof.

11. A method of providing secure access of medical information via a trusted end-to-end communication link, comprising:
- receiving, by a secure application executing in a trusted security zone of a medical data server, a first message via a first trusted end-to-end communication link from a mobile access terminal, wherein the first message is based on an input comprising medical sensor data;
  
  determining, by the secure application while preventing execution of applications that execute outside of the trusted security zone of the medical data server, that the first message was handled in trusted security zones along the first trusted end-to-end communication link, wherein each trusted security zone includes a hardware root of trust and a secure partition;
  
  generating, in the trusted security zone by the secure application, a second message based on the input of the first message; and
  
  transmitting, by the server application via a second trusted end-to-end communication link, the second message to a trusted security zone of a computer system, wherein the computer system is provided secure access to medical information based on transmitting via the second trusted end-to-end communication link.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11, wherein each trusted security zone along each trusted end-to-end communication link blocks access to applications that execute outside respective trusted security zones.
  - 13. The method of claim 11, wherein at least each trusted end-to-end communication link comprises a plurality of network nodes, wherein each network node is associated a trusted security zone.
  - 14. The method of claim 11, wherein the medical sensor data comprises a bodily parameter including a blood sugar level, a blood thickness, a blood pressure, a bodily temperature, a blood oxygen saturation level, a pulse rate, a heart rhythm, or any combination thereof.
  - 15. The method of claim 11, wherein the medical sensor data comprises a biometric signature including data associated with one of a fingerprint scan, a retinal scan, a face scan, a DNA signature, or any combination thereof.
  - 16. The method of claim 11, wherein at least one trust token is included with the first message.
  - 17. The method of claim 11, wherein determining that the first message was handled in trusted security zones is based on verification of a trust level of the first message.
  - 18. The method of claim 11, further comprising analyzing, by the server application in the trusted security zone, a plurality of medical records based on the first message.
  - 19. The method of claim 11, wherein generating the second message is responsive to the determination that the first message was generated in the trusted security zone of the mobile access terminal.
  - 20. The method of claim 11, wherein each trusted security zone comprises at least one of a virtual processor, a physical processor, or a combination thereof.
  - 21. The method of claim 11, wherein at least a portion of one trusted end-to-end communication link comprises a wireless communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
McRoberts, Leo Michael, Paczkowski, Lyle W., Rondeau, David E.
Primary Examiner(s)
Tomaszewski, Michael

Application Number

US13/532,588
Publication Number

US 20130345530A1
Time in Patent Office

1,359 Days
Field of Search

705 2- 3
US Class Current

1/1
CPC Class Codes

A61B 5/0022   Monitoring a patient using ...

A61B 5/01   Measuring temperature of bo...

A61B 5/021   Measuring pressure in heart...

A61B 5/024   Detecting, measuring or rec...

A61B 5/145   Measuring characteristics o...

A61B 5/1455   using optical sensors, e.g....

G06F 21/32   using biometric data, e.g. ...

G16H 40/67   for remote operation

G16Z 99/00   Subject matter not provided...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 67/141   Setup of application sessio...

H04W 12/06   Authentication

End-to-end trusted communications infrastructure

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

End-to-end trusted communications infrastructure

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links